FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mediawiki -- cross site scripting vulnerability

Affected packages
1.4 <= mediawiki < 1.4.14
1.5 <= mediawiki < 1.5.7

Details

VuXML ID 74b7403c-c4d5-11da-b2fb-000e0c2e438a
Discovery 2006-03-27
Entry 2006-04-05

The mediawiki development team reports that there is a cross site scripting vulnerability within mediawiki. The vulnerability is caused by improper checking of encoded links, which could allow the injection of HTML into the output generated by mediawiki. This could lead to cross site scripting attacks against mediawiki installations.

References

Bugtraq ID 17269
CVE Name CVE-2006-1498
URL http://mail.wikipedia.org/pipermail/mediawiki-announce/2006-March/000040.html